How Do I Maintain a Session in JAX-RPC?

Clients cannot maintain sessions with JAX-RPC endpoints. There
is a client and server aspect to sessions, and it is not obvious how
to set this up.

The situation is that a client makes a call to the service,
and the server responds and sets a cookie on the connection. From
then on, the client sends back that same cookie with each call and
the server can check it.

A JAX-RPC stub normally ignores the cookie that comes back.
When the SESSION_MAINTAIN_PROPERTY is set to true, it sends back whatever cookie the server set on it.

On the server side, you need to add one field to your class
and a method that sets it. The endpoint must implement javax.xml.rpc.server.ServiceLifecycle., and two methods must be added: destroy() (which
can be empty) and init(Object context).

Add a ServletEndpointContext object to the
endpoint; for example myServletEndpointContext.
The init(Object context) method can be set as follows:

myServletEndpointContext = (ServletEndpointContext) context;

From then on, the business methods can access to the HttpSession with myServletEndpointContext.getHttpSession().
The first call to getHttpSession creates the session,
if one does not already exist.

With this model, any method the client calls can get the session,
set session attributes, get values from it, and so on. From then on,
the client will send back the same cookie information.